You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hawq.apache.org by "Hongxu Ma (JIRA)" <ji...@apache.org> on 2017/09/25 08:35:00 UTC
[jira] [Updated] (HAWQ-1510) Add TDE-related functionality into
hawq command line tools
[ https://issues.apache.org/jira/browse/HAWQ-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hongxu Ma updated HAWQ-1510:
----------------------------
Description:
1, hawq init
the only way to enable tde in hawq:
user should give a key name(already created by hadoop key command) parameter when execuate the init command, it makes the whole hawq_default directory as an encryption zone.
note:
* cannot support transfer the existed(and non-empty) hawq_default directory into an encryption zone.
* create encryption zone need hdfs *superuser privilege*, so if hawq user and hdfs superuser is not the same one, you should create the encryption zone on hawq directory manually before running hawq-init script, example:
{code}
hdfs crypto -createZone -keyName key_demo -path /hawq_default/
{code}
command:
{code}
hawq init cluster --tde_keyname key_demo
{code}
-2, hawq state-
-show the encryption zone info if user enable tde in hawq.-
-3, hawq register-
cannot register file in different encryption zones / un-encryption zones.
-4, hawq extract-
give user a warning of the table data is stored in encryption zone if user enable tde in hawq.
was:
1, hawq init
the only way to enable tde in hawq:
user should give a key name(already created by hadoop key command) parameter when execuate the init command, it makes the whole hawq_default directory as an encryption zone.
note:
* cannot support transfer the existed(and non-empty) hawq_default directory into an encryption zone.
* create encryption zone need hdfs *superuser privilege*, so if hawq user and hdfs superuser is not the same one, you should create the encryption zone on hawq directory manually before running hawq-init script, example:
{code}
hdfs crypto -createZone -keyName key_demo -path /hawq_default/
{code}
command:
{code}
hawq init cluster --tde_keyname key_demo
{code}
-2, hawq state-
-show the encryption zone info if user enable tde in hawq.-
3, hawq register
cannot register file in different encryption zones / un-encryption zones.
4, hawq extract
give user a warning of the table data is stored in encryption zone if user enable tde in hawq.
> Add TDE-related functionality into hawq command line tools
> ----------------------------------------------------------
>
> Key: HAWQ-1510
> URL: https://issues.apache.org/jira/browse/HAWQ-1510
> Project: Apache HAWQ
> Issue Type: Sub-task
> Components: Command Line Tools
> Reporter: Hongxu Ma
> Assignee: Hongxu Ma
> Fix For: 2.3.0.0-incubating
>
>
> 1, hawq init
> the only way to enable tde in hawq:
> user should give a key name(already created by hadoop key command) parameter when execuate the init command, it makes the whole hawq_default directory as an encryption zone.
> note:
> * cannot support transfer the existed(and non-empty) hawq_default directory into an encryption zone.
> * create encryption zone need hdfs *superuser privilege*, so if hawq user and hdfs superuser is not the same one, you should create the encryption zone on hawq directory manually before running hawq-init script, example:
> {code}
> hdfs crypto -createZone -keyName key_demo -path /hawq_default/
> {code}
> command:
> {code}
> hawq init cluster --tde_keyname key_demo
> {code}
> -2, hawq state-
> -show the encryption zone info if user enable tde in hawq.-
> -3, hawq register-
> cannot register file in different encryption zones / un-encryption zones.
> -4, hawq extract-
> give user a warning of the table data is stored in encryption zone if user enable tde in hawq.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)